For snortrules-snapshot-2962 snort rules, need to sign up and download the subscriber rules from here

Edit the snort configuration file

There are two parts of configuriton have to modify

Internal and External Network address

12345678

# Setup the network addresses you are protecting# ipvar HOME_NET anyipvar HOME_NET 192.168.8.0/24# Here you need to check your network configure by using ifconfig# Set up the external network addresses. Leave as "any" in most situations# ipvar EXTERNAL_NET anyipvar EXTERNAL_NET !$HOME_NET

Path to your rules files

12345678910

# Path to your rules files (this can be a relative path)# Note for Windows users: You are advised to make this an absolute path,# such as: c:\snort\rulesvar RULE_PATH /etc/snort/rulesvar SO_RULE_PATH /etc/snort/so_rulesvar PREPROC_RULE_PATH /etc/snort/preproc_rules# If you are using repution preprocessor set thesevar WHITE_LIST_PATH /etc/snort/rulesvar BLACK_LIST_PATH /etc/snort/rules

Starts Snort in self-test mode

1

$ sudo snort -T -i eth0 -u snort -g snort -c /etc/snort/snort.conf

If there is a messagge said “Snort successfully validated the configuration! Snort exiting”, it’successful.